Solved

VERY STRANGE Image Size behavior (when PHP script sends image to browser)

Posted on 2003-11-24
6
238 Views
Last Modified: 2008-03-17
I'm using a PHP Script to read a file from outside of the document root, and sends it to the browser.

The problem is that I.E. Does not correctly "understand" the size fo the image (when I right click and select properties it says "Not Specified".  

I've tracked this down to the fact that I am calling session_start() before sending the image.  As a result, the session cookie is sent to the browser before the image data and when this happens, i.e. doesn't correctly understand the image size (for some bizarr reason).

At any rate, if I simply comment out this line, the image works EXACTLY as though it's accessed directly (not through the script).  The problem is that I need data from the session to determine which image to show.

So - my question is:

1) Is there any way to access the session data without sending a session cookie to the browser (just from my "picture" script).

2) Does anyone understand why this causes a problem in I.E. and is there any other way around it?

Thank you in advance for any help you can provide.  The script is included below:

picture.php:
            session_start();
            $filename = "/tmp/files/" . $_SESSION['filename'];
            header("Accept-Ranges: bytes");
            header("Content-Length: " . filesize($filename));
            header("Connection: close");
            header("Content-Disposition: inline; filename=" . $_SESSION['filename']);
            header("Content-Type: image/gif");
            $fd = fopen ($filename, "r");
            echo fread ($fd, filesize ($filename));
            fclose ($fd);


Again - All I have to do is just // session_start() and everything works PERFECTLY.  

Thoughts?
0
Comment
Question by:kalliopi
  • 3
  • 2
6 Comments
 
LVL 3

Expert Comment

by:ashoooo
ID: 9813419
Can you wrap your image in an HTML file? for eg...

picture.php:
          session_start();
          <html><head></head>
          <body><img src="pictureGen.php?name=<?php echo$_SESSION[filename]; ?>"></body></html>


pictureGen.php:
          $filename = "/tmp/files/" . $_GET['filename'];   // $_SESSION['filename'] has been changed to $_GET['name']
          header("Accept-Ranges: bytes");
          header("Content-Length: " . filesize($filename));
          header("Connection: close");
          header("Content-Disposition: inline; filename=" . $_GET['name']);
          header("Content-Type: image/gif");
          $fd = fopen ($filename, "r");
          echo fread ($fd, filesize ($filename));
          fclose ($fd);

This is just a workaround...
0
 
LVL 6

Author Comment

by:kalliopi
ID: 9813799
Thanks for the input.  I probably should have been more clear.  The whole reason for needing the session data is for security purposes.  I don't want to have to pass the filename to the file for security purposes.  The session looks up the filename in a database and verifies that the user who's logged in (also tracked in the session) has access to that file.  If I pass the filename and just print whatever's passed, the security would be lost and the person viewing the picture would be able to look at any file in the /tmp/files directory.  Does that make sense?  

It seems like I should be able to READ the session data (from a particular script) without sending the session cookie data back to the client (just from that one script).  I just don't know how to do that.  I've tried working with output buffering, and then clearning the output buffer right before sending the image data but unfortunately, output buffering does not appear to effect header data...

Thoughts?
0
 
LVL 6

Expert Comment

by:aolXFT
ID: 9813914
Hmmm,

The cookie should be already on the client, and you shouldn't have to send it again, so all you want to do is read the cookie, and not resend it.

One possible workaround would be to tell sessions in that particular file not to use cookies. You might then have to copy the data from $_COOKIE to $_GET(or $_REQUEST), to fool PHP  into thinking that the SID had come from a GET(or POST) variable, and not the cookie, before calling session_start().

Let us know if it works.
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 6

Author Comment

by:kalliopi
ID: 9814508
aolXFT - this looks promising and I played around a little bit with turning cookies off for that specific file, but I couldn't figure it out specifically.

Can you be a little bit more explicit?
0
 
LVL 6

Accepted Solution

by:
aolXFT earned 250 total points
ID: 9827385
I haven't much time right now, but try

ini_set('session.use_cookies', 0);
session_start();


0
 
LVL 6

Author Comment

by:kalliopi
ID: 9827861
Thank you aolXFT - that was perfect.  It did EXACTLY what I wanted.  I actually had to also add ini_set('session.cache_limiter', ''); as well, but you certainly pointed me in the right directly.  

That's AWESOME.  Thank you.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I imagine that there are some, like me, who require a way of getting currency exchange rates for implementation in web project from time to time, so I thought I would share a solution that I have developed for this purpose. It turns out that Yaho…
Things That Drive Us Nuts Have you noticed the use of the reCaptcha feature at EE and other web sites?  It wants you to read and retype something that looks like this.Insanity!  It's not EE's fault - that's just the way reCaptcha works.  But it is …
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now